1. 19 7月, 2010 3 次提交
    • D
      Remove 'type' field from FileTypeInfo struct · 779b6ea7
      Daniel P. Berrange 提交于
      Instead of including a field in FileTypeInfo struct for the
      disk format, rely on the array index matching the format.
      Use verify() to assert the correct number of elements in the
      array.
      
      * src/util/storage_file.c: remove type field from FileTypeInfo
      779b6ea7
    • D
      Extract the backing store format as well as name, if available · a93402d4
      Daniel P. Berrange 提交于
      When QEMU opens a backing store for a QCow2 file, it will
      normally auto-probe for the format of the backing store,
      rather than assuming it has the same format as the referencing
      file. There is a QCow2 extension that allows an explicit format
      for the backing store to be embedded in the referencing file.
      This closes the auto-probing security hole in QEMU.
      
      This backing store format can be useful for libvirt users
      of virStorageFileGetMetadata, so extract this data and report
      it.
      
      QEMU does not require disk image backing store files to be in
      the same format the file linkee. It will auto-probe the disk
      format for the backing store when opening it. If the backing
      store was intended to be a raw file this could be a security
      hole, because a guest may have written data into its disk that
      then makes the backing store look like a qcow2 file. If it can
      trick QEMU into thinking the raw file is a qcow2 file, it can
      access arbitrary files on the host by adding further backing
      store links.
      
      To address this, callers of virStorageFileGetMeta need to be
      told of the backing store format. If no format is declared,
      they can make a decision whether to allow format probing or
      not.
      a93402d4
    • D
      CVE-2010-2242 Apply a source port mapping to virtual network masquerading · c5678530
      Daniel P. Berrange 提交于
      IPtables will seek to preserve the source port unchanged when
      doing masquerading, if possible. NFS has a pseudo-security
      option where it checks for the source port <= 1023 before
      allowing a mount request. If an admin has used this to make the
      host OS trusted for mounts, the default iptables behaviour will
      potentially allow NAT'd guests access too. This needs to be
      stopped.
      
      With this change, the iptables -t nat -L -n -v rules for the
      default network will be
      
      Chain POSTROUTING (policy ACCEPT 95 packets, 9163 bytes)
       pkts bytes target     prot opt in     out     source               destination
         14   840 MASQUERADE  tcp  --  *      *       192.168.122.0/24    !192.168.122.0/24    masq ports: 1024-65535
         75  5752 MASQUERADE  udp  --  *      *       192.168.122.0/24    !192.168.122.0/24    masq ports: 1024-65535
          0     0 MASQUERADE  all  --  *      *       192.168.122.0/24    !192.168.122.0/24
      
      * src/network/bridge_driver.c: Add masquerade rules for TCP
        and UDP protocols
      * src/util/iptables.c, src/util/iptables.c: Add source port
        mappings for TCP & UDP protocols when masquerading.
      c5678530
  2. 17 7月, 2010 1 次提交
    • J
      man pages: update authors and copyright notice for libvirtd and virsh · de7d4c6a
      Justin Clift 提交于
      This patch removes the individual author names from the libvirtd and virsh
      man pages, instead referring to the main AUTHORS file distributed with
      libvirt.  This approach is needed, as we can't guarantee unicode support
      across all versions of pod2man used with libvirt.
      
      Additionally, this patch includes the libvirtd man page in the spec file
      used with "make rpm".  Without this patch "make rpm" is broken.
      de7d4c6a
  3. 16 7月, 2010 5 次提交
  4. 15 7月, 2010 3 次提交
    • R
      daemon: dispatch.c should include stdio.h (and stdarg.h) · a3fc67a1
      Ryota Ozaki 提交于
      dispatch.c requires stdio.h (and stdarg.h), however, currently
      dispatch.c implicitly relys on rpc/xdr.h to include stdio.h.
      If rpc/xdr.h unxpectedly does not include stdio.h, the compilation
      of dispatch.c fails.
      
      This can happen, for example, when portablexdr is installed
      under /usr/local; because portablexdr's rpc/xdr.h does not
      include stdio.h and gcc looks up it not /usr/include/rpc/xdr.h.
      
      Note that stdarg.h is also included according to man va_start,
      although stdio.h seems including it anyway.
      a3fc67a1
    • J
      uml_driver: correct logic error in umlMonitorCommand · 60ef6d63
      Jim Meyering 提交于
      * src/uml/uml_driver.c (umlMonitorCommand): Correct flaw that would
      cause unconditional "incomplete reply ..." failure, since "nbytes"
      was always 0 or 1.
      60ef6d63
    • J
      qemuConnectMonitor: fix a bug that would have masked SELinux failure · c1fd7d7b
      Jim Meyering 提交于
      * src/qemu/qemu_driver.c (qemuConnectMonitor): Correct erroneous
      parenthesization in two expressions.  Without this fix, failure
      to set or clear SELinux security context in the monitor would go
      undiagnosed.  Also correct a diagnostic and split some long lines.
      c1fd7d7b
  5. 14 7月, 2010 3 次提交
  6. 13 7月, 2010 9 次提交
  7. 12 7月, 2010 2 次提交
  8. 10 7月, 2010 1 次提交
  9. 09 7月, 2010 3 次提交
  10. 08 7月, 2010 2 次提交
  11. 07 7月, 2010 5 次提交
  12. 05 7月, 2010 1 次提交
  13. 03 7月, 2010 1 次提交
  14. 02 7月, 2010 1 次提交